Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-3783:01 Moderate: OpenShift Container Platform 4.4.23

    Date
    198
    Posted By
    An update for cluster-network-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: OpenShift Container Platform 4.4.23 cluster-network-operator-container security update
    Advisory ID:       RHSA-2020:3783-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3783
    Issue date:        2020-09-22
    CVE Names:         CVE-2020-14040 
    =====================================================================
    
    1. Summary:
    
    An update for cluster-network-operator-container is now available for Red
    Hat OpenShift Container Platform 4.4.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    OpenShift Container Platform components are primarily written in Go
    (golang).
    The golang.org/x/text contains text-related packages which are used for
    text operations, such as character encodings, text transformations, and
    locale-specific text handling.
    
    Security Fix(es):
    
    * golang.org/x/text: possibility to trigger an infinite loop in
    encoding/unicode could lead to crash (CVE-2020-14040)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    For OpenShift Container Platform 4.4 see the following documentation, which
    will be updated shortly for this release, for important instructions on how
    to upgrade your cluster and fully apply this asynchronous errata update:
    
    https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel
    ease-notes.html
    
    Details on how to access this content are available at
    https://docs.openshift.com/container-platform/4.4/updating/updating-cluster
    - -cli.html.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-14040
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBX2mk/tzjgjWX9erEAQi5nw//aHBiIask+4ZcImEco4HwF1B/LxEOMRnu
    qRw1Kjf/b8S30WFZvL8sWaui5MXLzQu9dMHp2xrX939lqIyRlIMSoUugstDE+Vi2
    LJWhuBysbl1kcIFBZQN64KskvV+iyIs5cbcPm1TPYNsZ9e9xQnXuUU9uANalTnyQ
    618qAcdJQl8wNrrPHFVf5F5CjEke6sLNeDicbjHtWj7ElTaff2VDaWWl3228xcd3
    Zv/iVW0amkw6WXVYfT1kvT0KFyPx0bmQy684PGN/tLTvkaLXhRPwU44zL8KzXys9
    ltKnrN1m8zG6Evxs/V9ECP47+rOxTwGA7+brusRHKSU6aGtwJrU/Qr/EavQAskxs
    d9F04YkNT47iyxkYcxiomroje3apCEeqcCLg7X1XvCxCEy3xUN+JXqWPSPASt87T
    DaUnEImij1UuQnIKvvNASbK2dOAhNRXPXXStrU0xuSlhDjbKJatwa144/SwX2tQf
    m4KEt4KLlt+S4PkxdaIP5C53RrwKcNVSi5x6siIlxOukd2Svv5ICRZ6292BRIlka
    zjdE1PKLn67stIQtVaja79rQB5Ue+rVXaC17RKREJ4AVoeGg4jwiXIOI1EYdWhs/
    MJ/UtWcw/aNfCCtgaf+PB44Ch4DPN6tl9Dkm8AsXmYp5weYQyMREc70pdzn/VrsA
    pArJ1XmPZ9I=
    =zzu8
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    Which statement best describes how you feel about the recent Linux 5.9 release?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/40-what-change-are-you-most-excited-about-in-linux-5-9?task=poll.vote&format=json
    40
    radio
    [{"id":"140","title":"Not a game-changer for me.","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"141","title":"I'm happy with the performance improvements it offers.","votes":"3","type":"x","order":"2","pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.